Beware “HEALTH SECURITY ALERT” phishing email!

ITS staff have received numerous reports of a recent email that is attempting to steal your username and password! If you receive an email with the subject line “HEALTH SECURITY ALERT” or “HEALTH ISSUE ANNOUNCEMENT ON CAMPUS”, which looks like the screenshot below, please delete it and do not click any links within.

Screenshot of phishing email with subject "health security alert", and a link to view and download.

See more Phishing Wall of Shame examples at blogs.umb.edu/phishing


If you have given your personal information to a phishing attack like this, please act quickly. Change your password at mypassword.umb.edu, and notify IT Staff by emailing abuse@umb.edu for more help.

STUDENT PHOTOGRAPHY PROJECT 2017

Technology is a primary form of communication for students around the world. Not only does it have academic significance, it acts as a personal companion in our day-to-day lives.  Five students at UMass Boston engaged in an extensive photography workshop lead by Lisa Link. Students worked on a total of two semesters on these photo projects and met every Wednesday for their critique and reviews.

“It is so important to have critiques because they help you in giving another perspective on your images- highlighting the good and the areas that need more work,” said Sashi Poudel, one of the student photographers.

The 2017 student photography project event was held on the 17th of May in the Upper Level of Healey Library.  Lynn Nguyen, Cynthia Rubio, Aisha Yousuf, Sashi Poudel and David Liu presented their works and celebrated a project well done with light refreshments and conversation. Students, faculty, and bystanders observed the photographs with great admiration.

David Liu, a sophomore studying Information Technology, shot all his photographs with his iphone 7 and in portrait mode. He further explained how he used an editing application on his phone which helped him to add effects to his images. Although Liu has some experience with photo and videography in the past, he felt that the weekly meetings, critiques, and topics helped him build on that skill further.

There were also students who did not have that much of prior experience- and that’s okay! The best part about the workshop is that Lisa works with students to not only teach them the basics and a step higher than that but she also assists in teaching them how to use photoshop. Lynn Nguyen, a freshman, was one that did not have any experience. She found her interest in reflection imagery and mainly worked with those images. She captured the everyday use of phones, explaining that there is something new in technology every year and the industry is growing at such a fast pace- it is impossible to capture it all in one image but she tried to show how significant phones are in a student’s life.

Sashi Poudel, a senior and a computer science major, also claimed to have learned many new tricks and techniques to photography. Just like any ordinary young male, Sashi did not have prior experience either. He described their workshop as “amazing and fun.” When asked about what role technology plays in his life, he said, “we are too much into technology, accessing information has become easier than ever and I think that now virtual has become a reality.” Sashi also experimented with a very distinct style in his image, called the “long exposure photo” where he and David along with a friend from the IT department turned on their phone torchlights and ran across an open space in the library. The result? a beautiful pattern captured by the camera lens in the long exposure mode.

The event also was highly significant in keeping up with UMass’s reputation of student diversity by exhibiting an image related to people with disabilities and how they use technology. The image was taken by Aisha Yusuf, a senior studying psychology. She explained how there is a disabilities lab called “AC Lab” and how it is equipped with devices that allow those who are physically impaired in any way to access information just like any other student on campus does. The example she used was that of a desktop-like device that magnifies the text for the viewer. Aisha also explained that she had a pleasant time working with Lisa link who taught her how to take a reflective shot and use photoshop and cameras in general.

Overall, just like last years photo workshop, the students had a wonderful experience that was a mix of teammate bonding and learning. Lisa emphasised on the fact that this group, in particular, was very engaging and collaborated constantly with one another on projects and critiques.

“I believe that the students must express their views about the university. It benefits IT into understanding what they want and think and how IT can help them gain that access or experience. They must feel comfortable to utilise the IT space” she said.

This event was only the beginning of another exciting project. The images have been placed on the left wall of the lab hall in UL, and every year, the IT photo projects will progress up the hall, and soon students will be walking around works of art. This not only beautifies the hall further, but it creates a sense of community and belonging.

The student IT event was once again a great success, if any students wish to participate in this exciting opportunity, they must email Lisa Link at: Lisa.link@umb.edu

 

WannaCry Ransomware Windows Vulnerability

As widely reported in the press over the weekend, a new ransomware threat named “WannaCry” has impacted Windows machines (workstations and servers) around the globe. Due to better Windows update compliance, systems in the US have been less impacted than international systems. This threat only impacts select Windows systems and does not impact Apple iOS systems.

“WannaCry” is initiated when a user responds to a phishing query by opening and executing an attachment to that email. Once it executes, it encrypts files on the affected local computer and shared drives. The user is then asked to pay a ransom to recover the files. To add salt to injury, “WannaCry” malware spreads aggressively by behaving like a worm and attempts to infect other vulnerable unpatched machines on the network. As far as we know, the format of the phishing email is not consistent but the underlying Windows vulnerability only impacts unpatched Windows XP, 7, and 8 systems, as well as Windows Server 2003 and 2008 Editions. Windows 10 PCs patched in March of this year are not affected by this attack.

UMass Boston Windows XP systems are rare and are believed to be offline as they do not show up on ITS Qualys scans. If you have an XP system and would like us to help you upgrade please send an email to ITSecurity@umb.edu and the ITS Security team will respond asap.

Windows 7 & 8 systems which are current in terms of patching updates are not vulnerable. This includes all workstations supported by the ITS KACE workstation management service and some departments which have similar services.

For those systems which are not current in terms of updates and where the user has fallen for the phishing attempt, several actions may occur.

  • The system’s hard drive and associated network shared drives may be encrypted by running the attachment. In this case, the user is presented with a message that, until a ‘ransom’ is paid, the user will not be able to access the data on the encrypted drive(s).

NOTE: UMass-wide IT Security Policies prohibit the payment of ransom. Should a user experience a ransom query, he or she should not respond to the query and should immediately contact IT Security by emailing ITSecurity@umb.edu or by calling Wil Khouri, UMass Boston Information Security Officer, at 617-287-6232.

  • Additional systems on the UMass Boston network may be scanned from the infected system for the underlying vulnerability and those vulnerable systems may be encrypted and the ransom notification presented to the user(s) of that vulnerable system.

UMass Boston’s best defense to this, and all malware, is an educated and vigilant user community recognizing these threats, reporting them to ITSecurity@umb.edu, and deleting the offending email.

Beware of Ransomware, a virus that locks your files until you pay a ransom. Run antivirus, backup your files, keep your computer updated, and be careful what you download.

Beware of the “Verify your email address” phishing email!

ITS staff have received numerous reports of a recent email that is attempting to steal your username and password! If you receive an email with the subject line “[your name]@umb.edu Will be close”, which looks like the screenshot below, please delete it and do not click any links within.

See more Phishing Wall of Shame examples at blogs.umb.edu/phishing


If you have given your personal information to a phishing attack like this, please act quickly. Change your password at mypassword.umb.edu, and notify IT Staff by emailing abuse@umb.edu for more help.

The Anatomy of a UMass Boston Spear Phishing Attack

By Wil Khouri
Assistant Vice Provost and Information Security Officer
Information Technology Services / Communications and Infrastructure Services

Spear phishing is phishing crafted to target specific individuals or groups within an organization. The hackers responsible for the spear phishing emails have essentially done their homework regarding who their victim will be, and researched carefully how to personalize and customize the message to make the message more appealing to increase the probability of getting a response from the target audience.

Spear phishing emails are tailored in such a way to include information targeted victims would think only another employee, friend, or family member would know. In this digital age, the Internet, and particularly social media, has made it easy for hackers to gather such pertinent information. For instance, a hacker needs only to visit a victim’s LinkedIn and Facebook pages or look through their web profiles to gather enough information to craft the perfect spear phishing message. In addition, Hackers craft the messages in such a way to grab one’s attention with alarming, shocking, or tempting information.

Recently, UMASS Boston students, faculty and staff received emails appearing to originate from UMASS legitimate addresses. These emails had a variety of subject lines designed to draw people in, including “Important message from UMB Faculty/Staff”, “Important Information”, “[IT Status Alert] Your Account will expire soon”, or “Your account has expired”.

One particular message targeting faculty and staff appeared to be from the address “IT News <psoft@umasscs.net>” with the subject line “[IT Status Alert] Your Account will expire soon” and presented in the following format:

Click the screenshot below to zoom in. Pay attention to the numbers (1-4) in Figure 1 as you read on.

Screenshot of the phishing attack, with UMass IT branding, reading "Your account will expire soon, Sign In to proceed"
Figure 1. The Makeup of the Phishing email targeting UMB employees.

Unfortunately, a handful of employees inadvertently provided Personal Identifiable Information (PII) including passwords, social security numbers, bank routing and personal account numbers, to the hackers. Information Technology Services Security and Systems staff, Human Resources staff, as well as the Information Security staff at the UMASS president’s office, acted swiftly and took the necessary steps to contain the damage. Upon further investigation, we found out that the hackers used the phished PII to access bank accounts, modify bank routing and account information to re-route the employee’s compensation to untraceable credit cards not attached to bank accounts (prepaid access cards), and used the data to file fraudulent tax returns especially when the university confirmed that their “W2” forms had been accessed Online.

Refer to Figure 1 above for the following paragraph.

What made this phishing scam so effective is (1) the spoofed “From” origin which appeared to originate from a functional UMASS president office email account, (2) the subject line format which mimicked our campus “status alert” format, and (3) the use of a legitimate “IT News” template that Information Technology Services (ITS) normally uses for its “alert” communications. As it is the case with many phishing scams, a sense of urgency was added to spice the message up.

That begs the question how would one differentiate legitimate emails from phishing scams?

Fortunately, you can often tell phishing links from safe links by dissecting their construct. The most effective step one may use so not to fall for these scams is to (4) hover the mouse over the link to reveal its Uniform Resource Locator (URL), commonly known as web address destination, and in this case, as it is shown in Figure 1, it shows two components; The first part is the one you see: “Sign in to proceed.” And then there is the second part of the link you don’t see which is revealed by hovering over. This is the actual address that controls where the link will actually go. In our case, it reveals an odd URL: “http://www.jjlemaire.mu/wp-admin/images/sm-prd11.ucollaborate.net.html”. Always be wary of URLs that contain numbers, subtle spelling mistakes, odd connotations, and unfamiliar endings and domain letters (e.g. mu).

What must raise your suspicion are attempts to get you to reveal private information, such as your social security number or bank account information. Phishing attacks may ask you to download files, fill out forms or reply with information. If you cannot determine whether a message is phishing or not, try to contact the sender directly to verify its authenticity but never use the communication means appended to the suspicious message to verify its contents. If still in doubt report it to abuse@umb.edu.

For those who proceeded to click the link, the landing page was engineered to look deceivingly similar to the “UMASS HR Direct” page with the familiar “Secure Access Login” fields with two crucial differences; First, the URL valid certification was missing and presented as follows:

As compared to the valid and secure (5) legitimate site URL:

The most important cue and skill, if you will, is to check for the URL’s valid certification (5). Remember GREEN IS GOOD. NEVER enter any information without first checking the valid certification of the site which always displays a green secure link with a green lock icon: 

The second red flag in the phishing site was the .mu top-level domain which is the code for the “Republic of Mauritius”. Notice that the fraudulent landing page was “www.jjlemaire.mu” and not “sm-
prd11.ucollaborate.net” like it was supposed to be and it was crafted deceivingly with our legitimate domain name imbedded within the .html construct (6). While the public has become more savvy at spotting scams, and in desperation, those malicious actors are spending serious effort in honing their craft making it a challenge to recognize spear phishing messages. However, it is really simple to beat them: Be aware of the cues that raise your suspicion and if in doubt always ask. If you suspect you may have been phished, do act quickly; Change your password at mypassword.umb.edu, and notify ITS staff by emailing abuse@umb.edu.

As threats arise, our campus community will be trained to identify these types of targeted attacks. Information Security often runs simulated Self-Phishing campaigns for educational purposes. For those who fail the simulation we encourage you to take the assigned exercise modules provided post-
simulation or go to: http://iatraining.disa.mil/eta/phishing_v2/launchpage.htm The above link is courtesy of the US Department of Defense. And no, it is not a Phishing attempt nor a simulation if you’re wondering. You do not believe me? Go ahead and hover over the link. It will reveal a “.mil” domain belonging to the US Military.

One last thought… As a community of higher education, our weapon is knowledge. Do take the time to learn how to scrutinize between what is legitimate and what is not. We do not want to feed on fear and paranoia to the point of rendering our tools we use daily useless. Let’s all learn how to defeat the scammers. It is very simple. Really very simple.

Microsoft Security Patches – January

On January 10th, 2017, Microsoft released security patches for:

  • Windows 10, 8.1, 7, Vista
  • Windows servers 2016, 2012, 2008
  • Microsoft Office 2016

We strongly encourage you to apply these patches to your PC as soon as possible. For information about these updates please visit:

https://technet.microsoft.com/en-us/library/security/ms17-jan.aspx

Click on the Windows logo located on the lower left hand corner of your computer screen, a menu will appear, click on “Control Panel”.
Once in the Control Panel, type the words “windows update” in the Search Control Panel field located in the upper right hand corner. As you do, the following screen will immediately appear.

Now, in the upper left handle corner, click the words “check for update”. This screen will appear

Click the “Check for updates” button to begin the checking. The following screen will appear after the checking is completed. All Important Updates must be installed. Click the “Install updates” button to begin the installation. You will need to reboot your computer to finish the installation later.

Alternatively, if you are using Internet Explorer you can click on Tools > and select Windows Update to install the latest security patches.
For questions please call the Service Desk at 617-287-5220 or via email at ITServiceDesk@umb.edu.

Phone Service Disruption – January 12, 2017

[Update: All campus phone service has been restored.]

We have identified the root cause of the campus phone service disruption as an off-campus issue with one of our vendor services. This is the failure of physical cabling in Dorchester over which our incoming and outgoing calls are routed. The vendor is actively working to repair the problem but, at this point, we do not have a predicted resolution time from the vendor.

This service issue impacts all our inbound/outbound phone services, both the heritage analog service and the new and expanding VOIP service. Calls within campus are not impacted. The impact is for all calls coming into campus and campus calls dialing off campus.

We will provide the next update either when the service is restored or in approximately two hours should the issue persist. We are continuously working with our vendor to remedy this situation as soon as possible.

 

PHISHING WALL OF SHAME – “Academic Dishonesty”

Scammers are willing to invest the time to trick you!

Phishing is a type of cyber scam designed to trick you into giving your personal information.

Today’s example was reported by a few users who could tell something smelled phishy!

phishing-stack9

In this example, there is no obvious request for money or personal info! The scammer went so far as using a real staff person’s name and title, and even referring to the correct section of the UMass Code of Conduct! That’s crafty! At first even we IT staff weren’t sure if maybe this was a real email…

How can you know when a legit looking email is a scam?
Trust your gut, and verify!

★ Be suspicious of unexpected notifications
★ Call the real staff person and ask if the message is real

We got in touch with the real department referred to in the email and they told us it was not real! The scammer is weaving a story about “Academic Dishonesty” by a UMass Boston student. It’s a serious matter, but the message never makes an obvious request for money or personal info. In these “long-cons”, an email like this is the first step in building a relationship of trust between the scammer and the recipient. The scammer hopes you’ll bite and reply, and then the inevitable trap will spring!

If you are suspicious of a file, link, website, or email, you can contact the IT department to ask if it may be a scam. Forward a copy of a suspicious email to abuse@umb.edu.

Always remember…

Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive​ you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/

Microsoft Security Patches – December

On December 13th, 2016, Microsoft released security patches for:

  • Windows 10, 8.1, 7, Vista
  • Windows servers 2016, 2012, 2008
  • Microsoft Office 2016, 2013; 2010, 2007

We strongly encourage you to apply these patches to your PC as soon as possible. For information about these updates please visit:

https://technet.microsoft.com/en-us/library/security/ms16-dec.aspx

Click on the Windows logo located on the lower left hand corner of your computer screen, a menu will appear, click on “Control Panel”.
Once in the Control Panel, type the words “windows update” in the Search Control Panel field located in the upper right hand corner. As you do, the following screen will immediately appear.

Now, in the upper left handle corner, click the words “check for update”. This screen will appear

Click the “Check for updates” button to begin the checking. The following screen will appear after the checking is completed. All Important Updates must be installed. Click the “Install updates” button to begin the installation. You will need to reboot your computer to finish the installation later.

Alternatively, if you are using Internet Explorer you can click on Tools > and select Windows Update to install the latest security patches.
For questions please call the Service Desk at 617-287-5220 or via email at ITServiceDesk@umb.edu.

Microsoft Security Patches – November

On November 8th, 2016, Microsoft released security patches for:

  • Windows 10, 8.1, 7, Vista
  • Windows servers 2012, 2008, 2003
  • Microsoft Office 2016, 2013; 2010, 2007

We strongly encourage you to apply these patches to your PC as soon as possible. For information about these updates please visit:

https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx

Click on the Windows logo located on the lower left hand corner of your computer screen, a menu will appear, click on “Control Panel”.
Once in the Control Panel, type the words “windows update” in the Search Control Panel field located in the upper right hand corner. As you do, the following screen will immediately appear.

Now, in the upper left handle corner, click the words “check for update”. This screen will appear

Click the “Check for updates” button to begin the checking. The following screen will appear after the checking is completed. All Important Updates must be installed. Click the “Install updates” button to begin the installation. You will need to reboot your computer to finish the installation later.

Alternatively, if you are using Internet Explorer you can click on Tools > and select Windows Update to install the latest security patches.
For questions please call the Service Desk at 617-287-5220 or via email at ITServiceDesk@umb.edu.